Attorney Docket No. 207562

IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re Application of: 
Feldbau et al. 

Group Art Unit: Not Assigned 

Application No. 

Examiner: Not Assigned 

Filed: November 28, 2000 

For: APPARATUS AND METHOD FOR 
AUTHENTICATING THE 
DISPATCH AND CONTENTS OF 
DOCUMENTS 

PRELIMINARY AMENDMENT 

Commissioner of Patents and Trademarks 
Washington, D.C. 20231 

Dear Sir: 

Prior to the examination of the present patent application, please enter the following 
amendments and consider the following remarks. 

IN THE CLAIMS: 

Please delete claims 1-63 and substitute therefor new claims 64-73 as follows: 

--64. Apparatus for authenticating that certain information has been transmitted 
from a sender via a dispatcher to a recipient, the apparatus comprising: 

means for providing a set A comprising a plurality of information elements a1,...,an,
where said information element a1 is originated from the sender and comprising the contents
of the information being electronically transmitted to said recipient, and said one or more
information elements a2,...,an comprising dispatch-related information and comprise at least
the following elements:

a2 - a time indication associated with said dispatch; and

a3 - information describing the destination of said dispatch,
and wherein at least said information element a2 is provided in a manner that is resistant to or
indicative of tampering by either of said sender and said recipient; and

an authenticator functioning as a non-interested third party with respect to the sender 
and the receiver and having 

(1) means for associating said dispatch-related information with said element a1 by
generating authentication-information comprising a representation of at least said elements
a1, a2 and a3, said representation comprising a set of one or more elements, each comprising
a representation of one or more elements of said set A; and

(2) means for securing at least part of said authentication-information against 
tampering of said sender and recipient. 

65. A method for authenticating that certain information has been transmitted from 
a sender via a dispatcher to a recipient, comprising the steps of: 

providing a set A comprising a plurality of information elements a1,...,an, where said
information element a1 is originated from the sender and comprising the contents of the
information being electronically transmitted to said recipient, and said one or more 
information elements a2,...,an comprising dispatch-related information and comprise at 
least the following elements: 

a2 - a time indication associated with said dispatch; and 

a3 - information describing the destination of said dispatch, 
and wherein at least said information element a2 is provided in a manner that is resistant to 
or indicative of tampering by either of said sender and said recipient; 

associating, by an authenticator functioning as a non-interested third party with
respect to the sender and the recipient, said dispatch-related information with said element
a1 by generating authentication-information comprising a representation of at least said
elements a1, a2 and a3, said representation comprising a set of one or more elements, each
comprising a representation of one or more elements of said set A; and

securing, by said authenticator, at least part of said authentication-information against
tampering of said sender and recipient.

66. A method of authenticating a dispatch and contents of the dispatch transmitted 
from a sender to a recipient, comprising the steps of: 

receiving content data representative of the contents of the dispatch originated from 
the sender and being electrically transmitted to said recipient, and a destination of the 
dispatch; 

providing an indicia relating to a time of transmission of the dispatch, said time 
related indicia being provided in a manner resistant to or indicative of tampering by either of 
the sender and the recipient; 

associating, by an authenticator functioning as a non-interested third party with 
respect to the sender and the recipient, the content data with dispatch record data which
includes at least said time related indicia and an indicia relating to the destination of the 
dispatch, to generate authentication data which authenticate the dispatch and the contents of 
the dispatch; and 

securing, by said authenticator, at least part of the authentication data against
tampering of the sender and the recipient.

67. An authenticator for authenticating a dispatch and contents of the dispatch 
transmitted by or for a sender from a transmitting system to a receiving system for a recipient 
via an electronic communication network, comprising: 

an input unit coupled to the communication network or to the transmitting system for 
receiving content data representative of the contents of the dispatch being electronically 
transmitted to said receiving system, and a destination of the dispatch; 

means for providing an indicia relating to a time of transmission of the dispatch, said
time related indicia being provided in a manner resistant to or indicative of tampering by
either of the sender and the recipient;

a processor for associating the content data with dispatching record data which
includes at least said time related indicia and an indicia relating to the destination of the
dispatcher and the contents of the dispatch; and

means for securing at least part of the authentication data against tampering of the 
sender and the recipient, the authenticator functioning as a non-interested third party with 
respect to the sender and the recipient. 

68. An information dispatch system in an electronic communication network
comprising:

a source transmitting system coupled to the electronic communicating network for 
sending a dispatch from a sender to a recipient; 

a destination receiving system coupled to the electronic communication network for 
receiving the dispatch for the recipient; and 

an authenticator functioning as a non-interested third party with respect to the sender and the 
recipient for authenticating the dispatch and contents of the dispatch transmitted from the 
source transmitting system to the destination receiving system, including: 

(1) an input unit coupled to the communication network or to the source transmitting 
system for receiving content data representative of the contents of the dispatch being 
electronically transmitted to said destination receiving system, and a destination of the 
dispatch; 

(2) means for providing an indicia relating to a time of transmission of the dispatch, 
said time related indicia being provided in a manner resistant to or indicative of tampering by 
either of the sender and the recipient; 

(3) a processor for associating the content data with dispatch record data which
includes at least said time related indicia and an indicia relating to the destination of the
dispatch, to generate authentication data which authenticate the dispatch and the contents of
the dispatch; and

(4) means for securing at least part of the authentication data against tampering of the
sender and the recipient.

69. A method of authenticating a dispatch and contents of the dispatch from a sender
to a recipient, comprising the steps of:

electronically receiving content data representative of the contents of the dispatch 
originated from the sender, and a destination of the dispatch; 

generating a paper document printout of said electronic content data to be dispatched 
to said recipient via a selected manual delivery service; 

providing an indicia relating to a time of the dispatch, said time related indicia being 
provided in a manner resistant to or indicative of tampering by either of the sender and the 
recipient; 

associating, by an authenticator functioning as a non-interested third party with 
respect to the sender and the recipient, the content data with dispatch record data which 
includes at least said time related indicia and an indicia relating to the destination of the 
dispatch, to generate authentication data which authenticate the dispatch and the contents of 
the dispatch; and 

securing, by said authenticator, at least part of the authentication data against
tampering of the sender and the recipient. 

70. A certificate for attesting a dispatch and contents of the dispatch, comprising a 
representation of the following authentication data: 

content data representative of the contents of a dispatch being electronically 
transmitted by a sender to a recipient; and 

dispatch record data which includes at least an indicia relating to the destination of the 
dispatch, said time related indicia being provided in a manner resistant to or indicative of 
tampering by either of the sender and the recipient, and at least part of said authentication 
data being secured against tampering of the sender and the recipient, wherein the 
authentication data are generated and secured by an authenticator functioning as a
non-interested third party with respect to the sender and the recipient.

71. A method for verifying the authenticity of either of the contents, the time and the 
destination relating to a dispatch from a sender to a recipient, comprising the steps of: 

providing a representation of either of said information elements; 

verifying said representation for match with a representation of at least part of 
authentication data, said authentication data generated by an authenticator functioning as a 
non-interested third party with respect to the sender and the recipient and comprising a 
representation of the following information element: content data representative of the 
contents of the dispatch being electronically transmitted by the sender, and dispatch record 
data which includes at least an indicia relating to a time of the dispatch and an indicia relating 
to the destination of the dispatch, said time related indicia being provided in a manner 
resistant to or indicative of tampering by either of the sender and the recipient, and said 
authentication data being secured against tampering of the sender and the recipient.

72. A method according to claim 72 wherein the step of verifying includes verifying 
according to a verifiable digital signature verification procedure or according to a digital time 
stamping service verification procedure or a combination of both. 

73. A certificate according to claim 70, wherein said authentication data is secured
according to a digital signature or time stamping service scheme or a combination of both.--

REMARKS 

The present application is a continuation of U.S. Application Serial No. 08/981,461,
which was a national phase application of International Application No. PCT/IB96/00859.
In the parent '461 application, a Final Action was issued on April 18, 2000. In response,
applicants submitted a Request For Reconsideration And Amendment After Final ("the
Request") on August 2, 2000. The Request was not entered. Nevertheless, after an Examiner
Interview, applicants submitted a Supplemental Amendment After Final to implement certain
claim amendments suggested by the Examiner and agreed upon during the Examiner
Interview, and the parent application was allowed.

By this Preliminary Amendment, the present continuation application includes claims
64-73. The correspondence between claims 64-72 and those of the parent application at the
time the Request was filed is provided below:

Current Claim No.    Claim No. in Parent Application
64                   64
65                   94
66                   125
67                   137
68                   149
69                   158
70                   159
71                   160
72                   161


In view of the following remarks, applicants respectfully submit that the claims should be 
allowable over the cited references relied upon in the Final Action for the parent application. 

Turning to the rejections in the Final Action for the parent application, claims 64-66,
69, 71-79, 92-96, 98, 100, 101, 103-111, 123-127, 131, 132, 134, 137-140, 144, 145,
149-151, 153, 154, and 160 were rejected under 35 U.S.C. § 103(a) as being unpatentable over
Bouricius et al. (U.S. Patent 4,326,098) and an Official Notice that will be discussed in detail
below. Claims 68, 80, 97, 111, 133, 147, 155, 158 and 161 were rejected under 35 U.S.C. §
103(a) as being unpatentable over the Bouricius et al. reference and various Official Notices.
Claim 159 was rejected under 35 U.S.C. § 103(a) as being unpatentable over Schneier in view
of further Official Notices.

To put the discussion in perspective, a brief recount of the prosecution of the parent
application up to the Final Action is believed to be useful. In the first Office Action for the
parent application, independent claims 64, 94, 125, 137, 149, and 160 as well as selected
dependent claims were rejected under 102(b,e) as being anticipated by Bouricius et al. Claim
159 was rejected under 35 U.S.C. § 102(b) as being anticipated by Schneier. Independent
claims 158 and selected dependent claims were rejected under 35 U.S.C. § 103(a) as being
unpatentable over Bouricius et al. in combination with Official Notices. With respect to
claim 137 that was directed to an "authenticator", the first Office Action rejected the claim by
asserting: "The applicants' claimed authenticator performs the Applicant's claimed method for
authenticating." In the responsive Amendment, claim amendments were made such that all
the independent claims require an authenticator that functions as a non-interested third party
with respect to the sender and the recipient and generates and secures the dispatch
authentication information. The second Office Action for the parent application, which was
made final, repeated the same grounds of rejection given in the first Office Action, but added
an Official Notice regarding the authenticator, and converted the original Section 102
rejections into Section 103 rejections.

Applicants submit that the Final Action for the parent application did not fully
develop the grounds of the rejections. As described above, the first Office Action did not
give due weight to the "authenticator," and applicants responded by adding this limitation to
each of the independent claims to emphasize its importance. The Final Action, however,
relied on an Official Notice to find the authenticator. Specifically, the Office Action asserted:

Although Bouricius does not specifically teach an authenticator functioning as a
non-interested third party with respect to the sender and the recipient, such an
authenticator acting in such a manner is a feature that is old and well known in the art.
Therefore it would have been obvious to one of ordinary in the art at the time the
invention was made to have incorporated this feature into the method of Bouricius et
al.

It is applicants' position that it would not have been obvious to combine any "such an
authenticator" with the system of Bouricius et al. to reach the claimed invention. First of all,
applicants respectfully traverse the assertion in the Final Action that "such an authenticator
acting in such a manner is a feature that is old and well known in the art." Second, applicants
submit that it would not have been obvious to combine "such an authenticator" with the
system of Bouricius et al. to somehow reach the claimed invention. This is because the
system of Bouricius et al. and the present invention are based on two entirely different
conceptual models. The system of Bouricius et al. is based on a model in which the sender
and recipient of a dispatched document exchange signed copies of the document as proof of
the dispatch. Thus, both the sender and recipient in the system of Bouricius et al. are
responsible for generating, exchanging, and storing the proof of a dispatched document. The
system of Bouricius et al. has a vault for assisting the sender and recipient of the dispatch to
accomplish authenticated correspondence with each other. Although the vault is a
non-interested third party in that process, it does not generate or secure any dispatch evidence.
Rather, it serves merely as a secure and reliable communication channel between the
correspondents. In this regard, by relying on the Official Notice regarding the "authenticator"
limitations, the Office Action clearly recognized that the vault of Bouricius et al. is not the
authenticator of the claimed invention.

In sharp contrast to the Bouricius et al. approach, in the claimed invention, neither the 
sender nor the recipient is concerned with generating or storing authentication information for 
the dispatch. Rather, it is the authenticator operating as a non-interested third party that 
generates the authentication information and secures it from tampering by the sender and/or 
the recipient. It is critical to note that since the sender and recipient in the system of 
Bouricius et al. are themselves responsible for generating and storing the proof of dispatch, 
that system does not have any need or any room for an authenticator of the claimed invention. 
This is because the signing of the dispatched document by the sender and recipient and 
exchanging the signed document is already sufficient for certifying the contents and dispatch 
of the document. Thus, it would not have been obvious to try to combine such an 
authenticator with the system of Bouricius et al. to somehow reach the claimed invention. 

Accordingly, independent claims 64-69 and 71 (correspond to claims 64, 94, 125,
137, 149, 158, and 160 of the parent application, respectively), which all include the
"authenticator" limitation, should be allowable even if it is assumed that the Official Notice
regarding the authenticator could be adequately supported. Claim 72 depends from claim 71
and should therefore also be allowable.

Independent claim 70 corresponds to claim 159 of the parent application, which was 
rejected in the Final Action for the parent application over Schneier in view of the Official 
Notice about the authenticator. According to the Final Action, Schneier explains a public 
certificate. As discussed above, the context and manner in which the authenticator operates is 
important to the consideration of patentability. The certificate issuing operation of Schneier 
is, however, not related to authenticating a dispatch and its contents from a sender to a 
recipient, and the certificate authority of Schneier is not the authenticator of the claimed 
invention. Thus, it would not have been obvious to combine the system of Schneier with
an authenticator to reach the claimed invention. Accordingly, claim 70 should be allowable.
Claim 73 depends from claim 70 and thus should also be allowable. 

Conclusion 

In view of the foregoing, applicants respectfully submit that the present application is in 
good and proper form for allowance, and the Examiner is respectfully requested to pass this 
application to issue. 

If, in the opinion of the Examiner, a telephone conference would expedite the 
prosecution of the subject application, the Examiner is invited to call the undersigned attorney. 



Respectfully submitted, 




Y. Kurt Chang - Reg. No. 41,39?^ 
One of the Attorneys for Applicants 
LEYDIG, VOIT & MAYER, LTD. 
Two Prudential Plaza, Suite 4900 
180 North Stetson 
Chicago, Illinois 60601-6780 
(312) 616-5600 (telephone) 
(312) 616-5700 (facsimile) 




Date: November 28, 2000

APPARATUS AND METHOD FOR AUTHENTICATING
THE DISPATCH AND CONTENTS OF DOCUMENTS



FIELD OF THE INVENTION 

The present invention relates to a method and apparatus for authenticating the dispatch
and the contents of dispatched information in general.

BACKGROUND OF THE INVENTION 

Post, courier, forwarding and other mail services, which enable people to exchange
documents and data, have been widely used both in the past and at the present time.
With the evolution of modern technology, the use of electronic dispatch devices and
systems, such as modems, facsimile machines, electronic mail (E-Mail) and EDI systems,
computers, communication networks, and so forth, to exchange data and documents is
rapidly evolving.

A substantial quantity of the information exchanged, such as contracts, purchase orders,
invoices, monetary orders, notices, and even warning and notification messages, are of
utmost importance. Sometimes, when a dispute arises between the sending and receiving
party of the exchanged information, the receiving party may raise the claim that he never
received the information, that the received information was different from what the sender
claims to have sent, or the receiving party may even attempt to forge the received
information.

The need, therefore, arises for the sender to prove 
that specific information has been sent at a specific time 
to that specific receiving party. 

Various solutions to various related problems have been proposed in the literature. For
example, the transmission operation itself may be authenticated, as shown in US Patent
5,339,361 (Schwalm et al.), which describes a communication system providing a
verification system to identify both the sender and recipient of electronic information as
well as an automatic time stamp for delivery of electronic information. This patent,
however, does not verify the dispatched information.

Document authentication methods, for example by notarization, have long been in use. A
method for notarization of electronic data is provided by EP-A-516 898 (PITNEY BOWES
INC.) or its patent family member US Patent 5,022,080 (Durst et al.) which authenticates
that source data has not been altered subsequent to a specific date and time. The method
disclosed includes mathematically generating a second unit of data from the first unit of
data, as by CRC generation, parity check or checksum. The second unit of data is then
encrypted together with a time/date indication, and optionally with other information to
form an authentication string. Validation that the first unit of data has not been changed is
provided by comparing the original data's authentication string with the authentication
string generated from the data and time in question. A method is even suggested for having
the recipient verify the authenticity of the sender, the time of transmission and the data.

Other patents which discuss document authentication are U.S. 5,136,646 and 5,136,647
both to Haber et al. According to these patents, a unique digital representation of the
document (which is obtained by means of a one-way hash function) is transmitted to an
outside agency, where the current time is added to form a receipt. According to patent
5,136,647, the receipt is certified using a cryptographic digital signature procedure, and is
optionally linked to other contemporary such receipts thereby fixing the document's
position in the continuum of time. According to patent 5,136,646, the receipt is certified by
concatenating and hashing the receipt with the current record catenate certificate which
itself is a number obtained by sequential hashing of each prior receipt with the extant
catenate certificate.
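
The hash-linking described for patent 5,136,646, as an added sketch that is not code from this application or from the cited patents: each receipt is hashed into a running catenate certificate, so altering an earlier receipt changes every later certificate. SHA-256 stands in for the one-way hash, and the class names, seed and sample receipts are constructed for the illustration.

```python
import hashlib
from dataclasses import dataclass


def h(data: bytes) -> bytes:
    """One-way hash (SHA-256 is an assumption; the page names MD5 as an example)."""
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Receipt:
    doc_digest: bytes   # hash of the document; the agency never sees the text
    time: str           # time added by the outside agency

    def encode(self) -> bytes:
        # Fixed-length digest first, so the encoding is unambiguous.
        return self.doc_digest + self.time.encode()


def chain(seed: bytes, receipts) -> list:
    """Catenate certificate after each receipt: C_n = H(C_{n-1} || receipt_n)."""
    cert = h(seed)
    out = []
    for receipt in receipts:
        cert = h(cert + receipt.encode())
        out.append(cert)
    return out


class Agency:
    """Hypothetical outside agency that keeps the running certificate."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.receipts = []
        self.certificates = []   # published after every stamp

    def stamp(self, document: bytes, time: str) -> Receipt:
        receipt = Receipt(h(document), time)
        self.receipts.append(receipt)
        self.certificates = chain(self.seed, self.receipts)
        return receipt


def first_mismatch(seed: bytes, receipts, published):
    """Index of the first receipt that fails to reproduce its published
    certificate, or None when the whole history replays cleanly."""
    for i, (got, want) in enumerate(zip(chain(seed, receipts), published)):
        if got != want:
            return i
    return None


def demo() -> dict:
    seed = b"constructed-seed"
    agency = Agency(seed)
    # Constructed sample documents and times.
    agency.stamp(b"contract v1", "2000-11-28T09:00Z")
    agency.stamp(b"invoice 17", "2000-11-28T09:05Z")
    agency.stamp(b"notice", "2000-11-28T09:10Z")

    backdated = list(agency.receipts)
    backdated[1] = Receipt(backdated[1].doc_digest, "2000-11-01T09:05Z")

    swapped = list(agency.receipts)
    swapped[0] = Receipt(h(b"contract v2"), swapped[0].time)

    return {
        "honest": first_mismatch(seed, agency.receipts, agency.certificates),
        "backdated": first_mismatch(seed, backdated, agency.certificates),
        "swapped": first_mismatch(seed, swapped, agency.certificates),
        # Recomputing the chain over forged receipts cannot reach the
        # certificate that was already published for the latest receipt.
        "final_differs": chain(seed, backdated)[-1] != agency.certificates[-1],
    }


if __name__ == "__main__":
    print(demo())
```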

Various cryptographic schemes are known in the prior art for encrypting and for
authenticating digital data and/or its author. For example, symmetric algorithms such as
DES [1.01] and IDEA [1.02], one-way hash functions [1.03] such as MD5 [1.04], Public-Key
(asymmetric) algorithms [1.05] such as RSA [1.06], and verifiable digital signatures
generation algorithms [1.12] such as DSA [1.07] or RSA, as well as combinations thereof
such as PGP [1.08] and MACs [1.13], are currently widely used for security and for
authentication purposes [1.09]. An excellent publication relating to encryption,
authentication, public-key cryptography and to cryptography and data security in general,
as well as applications thereof and additional references to multiple sources can be found
in [1]. Further prior art, in particular referring to integrity of stored data, can be found in
D.W. Davies & W.L. Price "Security for computer networks", 1989, John Wiley & Sons,
Chichester (UK).

Proof of delivery of non-electronic documents is provided, for example, by Registered
Mail and courier services. It is commonly used to authenticate the delivery of materials at
a certain time to a certain party, and serves as admissible proof of delivery in a court of
law. However, no proof is provided as to the information contents of the specific dispatch.

E-mail and other electronic messages forwarding services are commonly used today. The
sender sends a message to the dispatching service which, in turn, forwards the message to
the destination and provides the sender with a delivery report which typically includes the
date and time of the dispatch, the recipient's address, the transmission completion status,
and sometimes even the transmitted data, the number of pages delivered, the recipient's
identification information, and so on. The provided delivery report mainly serves for
accounting purposes and for notifying the sender of the dispatch and/or its contents.
Moreover, frequently no record of the specific dispatched data is maintained with the
service after the delivery is completed or provided to the sender.

SUMMARY OF THE PRESENT INVENTION 

The literature does not provide a comprehensive solution that directly addresses the
problem in question: what information has been sent to whom and when. Accordingly,
there is a need for a method and system to provide the sender with a convenient means for
authenticating both the dispatch and the contents of documents, electronic information and
other information during the normal flow of daily activities.

It is therefore an object of the present invention to improve the capacity of conventional
systems and methods for dispatching documents and transmitting information to provide
the sender with evidence he can use to prove both the dispatch and its contents.

The present invention discloses an apparatus according to claim 1 for authenticating that
certain information has been sent by a sender via a dispatcher to a recipient, the apparatus
comprising:

means for providing a set A comprising a plurality of information elements a1,...,an, said
information element a1 comprising the contents of said dispatched information, and said
one or more information elements a2,...,an containing dispatch-related information and
comprise at least the following elements:

a2 - a time indication associated with said dispatch; and

a3 - information describing the destination of said dispatch,

and wherein at least one of said information elements is provided in a manner that is
resistant or indicative of tamper attempts by said sender;

means for associating said dispatch-related information with said element a1 by
generating authentication-information, in particular comprising a representation of at least
said elements a1, a2 and a3, said representation comprising a set of one or more elements,
each comprising a representation of one or more elements of said set A; and

means for securing at least part of said authentication-information against undetected
tamper attempts of at least said sender.

Thus, the present invention provides a sender with the capability to prove both the
dispatch and the contents of the dispatched materials. The dispatched materials can be
paper documents, electronic information or other information which can be dispatched
electronically by transmission or non-electronically, such as by courier or registered mail
service, to an address of a recipient.

According to the present invention, dispatch related information is associated with the
contents of the dispatch, in a relatively secure, or reliable manner. This associated
information can be provided for example to the sender, and may serve as evidence of both
the dispatch and its contents, for example, in a court of law, and therefore it is collectively
referred to herein as the "authentication-information" or "evidence".

Additionally, the present invention discloses a method according to claim 27, wherein in
essence, a set A comprising a plurality of information elements a1,...,an is provided, said
information element a1 comprising the contents of the dispatched information, and said
one or more information elements a2,...,an containing dispatch-related information and
comprise at least the following elements:

a2 - a time indication associated with said dispatch; and

a3 - information describing the destination of said dispatch,

and wherein at least one of said information elements is provided in a manner that is
resistant or indicative of tamper attempts by said sender.

Said dispatch-related information is associated with said element a1 by generating
authentication-information, in particular comprising a representation of at least said
elements a1, a2 and a3, said representation comprising a set of one or more elements, each
comprising a representation of one or more elements of said set A, and at least part of said
authentication-information is secured against undetected tamper attempts of at least said
sender.
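
One way the association of a1, a2 and a3 could be secured, written as an added example and not taken from the application: a hypothetical `Authenticator` takes a2 from its own clock, represents a1 by a SHA-256 digest, and protects the tuple with an HMAC under a key only it holds. The HMAC, the key, the clock and all sample values are assumptions; a digital signature in place of the HMAC would let other parties verify without the authenticator's key.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace


def frame(*fields: bytes) -> bytes:
    """Length-prefix every field so bytes cannot slide between a2 and a3."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


@dataclass(frozen=True)
class Evidence:
    content_digest: bytes   # representation of a1 (a function of the contents)
    time: str               # a2, supplied by the authenticator's own clock
    destination: str        # a3
    tag: bytes              # secures the association of a1, a2 and a3


class Authenticator:
    """Hypothetical third party; key and clock are never exposed to the sender."""

    def __init__(self, key: bytes, clock):
        self._key = key
        self._clock = clock

    def _tag(self, digest: bytes, time: str, destination: str) -> bytes:
        msg = frame(digest, time.encode(), destination.encode())
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def certify(self, content: bytes, destination: str) -> Evidence:
        digest = hashlib.sha256(content).digest()
        time = self._clock()          # the sender cannot choose a2
        return Evidence(digest, time, destination,
                        self._tag(digest, time, destination))

    def verify(self, ev, content=None, time=None, destination=None) -> bool:
        """Check the evidence itself, then any claimed element against it."""
        expected = self._tag(ev.content_digest, ev.time, ev.destination)
        if not hmac.compare_digest(expected, ev.tag):
            return False
        if content is not None:
            claimed = hashlib.sha256(content).digest()
            if not hmac.compare_digest(claimed, ev.content_digest):
                return False
        if time is not None and time != ev.time:
            return False
        if destination is not None and destination != ev.destination:
            return False
        return True


def demo() -> dict:
    # Constructed sample values, not taken from the page.
    auth = Authenticator(b"constructed-demo-key", lambda: "2000-11-28T12:00:00Z")
    order = b"Purchase order: 40 units"
    ev = auth.certify(order, "fax:+1-555-0100")
    return {
        "genuine": auth.verify(ev, content=order, destination="fax:+1-555-0100"),
        "altered_contents": auth.verify(ev, content=b"Purchase order: 400 units"),
        "backdated": auth.verify(replace(ev, time="2000-11-01T12:00:00Z")),
        "redirected": auth.verify(replace(ev, destination="fax:+1-555-0199")),
        # Same concatenated bytes, different field boundary: caught by framing.
        "boundary_shift": auth.verify(
            replace(ev, time=ev.time + "f", destination=ev.destination[1:])),
        "wrong_time_claim": auth.verify(ev, time="2000-11-29T12:00:00Z"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```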

It is appreciated that in accordance with the present invention, the representation can
comprise any number of any combination in any form of: the elements themselves,
identical or equivalent elements such as copies thereof or information describing or
identifying these elements; information expressive as a mathematical function of one or
more of these elements and so forth. Each combination may be maintained jointly or
separately as desired. The representation has a recursive characteristic, i.e., it can comprise
a representation of one or more of the above.

The present invention encompasses all types of information being dispatched, such as that
found on paper documents or within electronic documents and other electronic data, and
all types of dispatch methods, such as transmission via facsimile machines, modems,
computer networks, electronic mail systems and so forth, or manually such as via
registered mail or courier services.

The term "the contents of the dispatch" herein refers to any information element having
information content the substance of which is equivalent to that of the information being
dispatched. This includes for example the information source, either in paper document or
electronic form, the actual dispatched information, any copies thereof, any descriptive
information or portion of the information contents identifying the dispatched information,
and so forth regardless of the representation or form.

The present invention also encompasses all types of methods and apparatuses which
provide and/or associate the dispatch information with the contents in a relatively secure or
reliable manner. The terms "relatively secure" and "reliable" herein mean "reasonably
tamper-proof" or "tamper-detectable", i.e., that it is assured that the authentic information
elements are provided and associated in a reliable manner, for example by a non-interested
third party or by a device or by a combination of both, and furthermore, that the associated
authentication-information is secured against fraudulent actions such as disassociation,
modification, replacement etc., attempted by an interested party such as the sending or
receiving party, at least to the extent that such actions are detectable.



The dispatch information can be any information describing
at least the time and destination of the dispatch
and preferably the dispatch completion status. Other information
relating to the dispatch, such as the identity of
the sender and/or the recipient, handshake information, the
actual elapsed dispatch time, the number of pages dispatched
and so forth, the identification of the authenticator,
for example its name, logo, stamp, etc., can also be provided.

Finally, the authentication-information can be secured
or stored in a secure location or device, in its entirety
or in part, together or separately, as desired.



BRIEF DESCRIPTION OF THE DRAWINGS 



The present invention will be understood and appreciated
more fully from the following detailed description
taken in conjunction with the drawings in which:

Fig. 1 is a schematic pictorial illustration of the
authentication method of the present invention implemented
in a manual manner;

Fig. 2 is a schematic illustration of an authenticator,
constructed and operative in accordance with a preferred
embodiment of the present invention;

Fig. 3 is a schematic illustration of an alternative 
authenticator, constructed and operative in accordance with 
another preferred embodiment of the present invention; 



Fig. 4 is a schematic illustration of an alternative
authenticator, constructed and operative in accordance with
an additional preferred embodiment of the present invention;

Figs. 5 and 6 are schematic illustrations of verification
mechanisms constructed and operative in accordance
with the authenticator of Fig. 4;

Fig. 7 is a schematic illustration of an alternative 
authenticator, constructed and operative in accordance with 
yet another preferred embodiment of the present invention. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

Reference is now made to Fig. 1 which illustrates the
method of the present invention as it can be implemented
for paper documents being sent non-electronically. The
method of Fig. 1 can be implemented for documents sent via
any document dispatching service, such as a courier service
or the registered mail service of the post office.

The sender 10 provides the documents 12 to be sent 
and a destination address 14 to a clerk 20 of the document 
dispatching service. The clerk 20 prepares a dispatch 
sheet 26, which typically has a unique dispatch identifier 
(not shown) and has room for dispatch information such as 
the date and time of dispatch or delivery 16, the destina- 
tion address 14, an indication 18 of proof of delivery such 
as the recipient's identity and/or signature, and optional- 
ly, additional dispatch information such as the dispat- 
cher's signature and the identity of the sender 10, etc. 

The clerk 20 fills in the dispatch sheet 26 with the
date/time 16 and the address 14, and then prepares a copy
24 of the documents 12 and a copy 34 of the dispatch sheet
26, typically by utilizing a copy machine 22 or an electronic
scanner. The clerk 20 then places the original
documents 12 into an envelope 28 carrying the address 14,
and sends the envelope 28 to its destination 30. In one
embodiment of the present invention the dispatching service
utilizes a cash-register like device to fill in the dispatch
sheet 26. This provides for reliable time stamping
and automated dispatch record keeping. Furthermore, the
electronic dispatch information produced by such device can
be associated using a special mathematical method as discussed
in greater detail hereinbelow.

The clerk 20 associates the copy 24 of the documents
12 with the copy 34 of the dispatch sheet 26 by any method,
a few examples of which follow:

a) by inserting the documents copy 24 and the
dispatch sheet copy 34 into an envelope 32;

b) by inserting the copy 24 of the documents into
an envelope 32 and marking the dispatch identifier on the
outside of the envelope 32;

c) by printing the dispatch identifier on the
documents copy 24; or

d) attaching the copies 24 and 34 and applying
the stamp of the dispatch service in such a manner that
part of the stamp is on the copy 24 of the documents and
part of the stamp is on the copy 34 of the dispatch sheet
26.

Preferably, the clerk 20 secures the copies 24 and 34
in a manner that makes it difficult to modify or replace
the information contained therein, for example by marking
the pages of the copy 24 with the dispatching service's
signature, stamp or seal, by spreading each page with invisible
or other ink, by sealing the envelope 32 or by retaining
them in the service's secure file 36 and so forth.

In one embodiment of the present invention, the associated
copies 24 and 34 are provided to the sender at this
stage (where the dispatch sheet 26 is retained with the
service to ascertain delivery and to fill in the proof of
delivery indication 18) or after the delivery is completed.
In another embodiment, the dispatch service retains, in a
secure location 36, one or both of the copies 24 and 34.

The clerk 20 can also identify the authenticating
party, for example via his signature, or by having the
dispatch sheet copy 34 printed on the stationery of the
dispatching service, by stamping the documents and/or dispatch
sheet copies with the service's stamp, logo or seal,
etc.

When it is desired to authenticate the dispatch of
the original documents (and possibly also their receipt at
the destination 30), either the sender or the document
dispatching service provides the associated authentication-information,
for example the envelope 32, unopened, to the
party which required the authentication. When the envelope
32 is opened, it has associated therewith copies of both
the dispatched documents and the dispatch information. The
envelope 32 therefore, provides a reliable proof that the
original documents 12 were dispatched on the date and to
the destination listed on or in envelope 32.

It will be appreciated that, since a non-interested 
third party who is neither the sender nor the receiver 
copied the original documents 12 being sent, it is unlikely 
that the copies stored in the envelope 32 are other than 
copies of the original documents 12. 

Various modifications can be made to the embodiment
provided hereinabove without departing from the scope and
spirit of the present invention. For example, the document
copy could be sent to the destination while the original
could be authenticated. The authentication-information
could be provided by the service, directly to the court of
law. The document copy could be produced by a scanner or
a camera and stored in an electronic or other storage device
such as a disk or on microfilm, while a copy thereof is
provided to the sender. The original dispatch sheet could
be first filled out and then provided to the sender instead
of using a copy. Moreover, the original documents could be
scanned by the sender in the service's premises into a
secure disk and one printed copy thereof could be sent by
the service to the destination while another copy could be
authenticated and provided to the sender. Alternatively,
the documents could be provided to the service via transmission
(e.g., by facsimile machine) rather than manually.
In the case of a courier, the courier could produce the
copy himself using a photocopier at the sender's premises,
and so forth.

Reference is now made to Fig. 2 which illustrates an
authenticator 70, constructed and operative in accordance
with a preferred embodiment of the present invention, which
can be part of a system for transmitting information, whether
by facsimile machine, modem, computer, network or
E-Mail stations, and any combinations thereof, or by other
electronic means.

Fig. 2 illustrates a data communication system comprising
a sending transceiver 42, a communication line 45,
coupled to the sending transceiver 42, a communication
network 44 and a receiving transceiver 46. Authenticator 70
of the present invention communicates at least with the
sending transceiver 42, and can form part of the sending
transceiver 42 or can be separated therefrom.

The sender provides original materials 40 for transmission,
which can be paper documents or electronic information
such as computer disk, memory and other electronic
information including audio/video, text and graphics files
or pictures. The sender also provides the destination
address 52 which represents the address of the receiving
transceiver 46 on communication network 44. The address 52
may for example be a dial number, a network user code and
so forth. The sending transceiver 42 needs to transmit the
information contents of the materials 40 to the receiving
transceiver 46. To provide authentication, the transmission
in Fig. 2 is performed through the authenticator 70 in
a "store & forward" manner.

The authenticator 70 comprises input means 72 for 
receiving the transmitted information 60 and the destina- 
tion address 62 from the communication line 45. The input 
means 72 may for example comprise a line interface, a 
Dual-Tone Multi Frequency (DTMF) decoder for receiving a 
destination address 62 such as a dial number, and a trans- 
ceiver similar to that of the sending transceiver 42 which 
can receive the information 60. 

The authenticator 70 also comprises an optional sto- 
rage unit 54 such as a tape, disk or memory device and so 
forth for storing the information 60 and related dispatch 
information, an internal clock 50 for generating a time 
indication 66 of the transmission, a transceiver 76 for 
transmitting the information 60 to address 62 (the trans- 
ceiver 76 can be used by the input unit 72 as well, for 
example by using a relay mechanism), a controller 56, a 
user interface 48, and an output unit 58 for providing the 
authentication-information, for example to the sender. 

The information 60 is then transmitted over the com- 
munication network 44 to the receiving transceiver 46 by 
the transceiver 76 using the address 62. 

The internal clock 50 provides an indication 66 of
the current time, and is utilized to provide a time indication
for the transmission. Internal clock 50 is securable
(to ensure the veracity of the produced time indication
66), and preferably provides time indications according to
a non-changing time standard, such as Greenwich-Mean-Time
(G.M.T.) or UTC. Alternatively, the time indication 66 can
be externally obtained, for example from a communication
network server, as long as the source is secured from being
set or modified by an interested party such as the sender.
The security of the time indication can be provided in a
number of ways, such as by factory pre-setting the clock 50
and disabling or password securing the Set Date/Time
function of the internal clock 50. Alternatively, the
clock 50 can maintain a "true offset" with the true preset
date/time, that reflects the offset of the user set date/time
from the genuine preset one.

The transmission completion indication 64 provides
information regarding the success of the transmission. It
is typically obtained from the communication protocol used
by the transceiver 76. It may be for example in the form
of an electronic signal provided by the transceiver 76
which is used to determine the validity of the rest of
authentication-information, or in a form similar to that
provided in transmission reports such as "TRANSMISSION OK"
or "ERROR". In one embodiment of the present invention,
the fact that the rest of authentication-information elements
are provided, indicates that an affirmative completion
indication has been provided.

The storage unit 54 is used for storing the information
60 and/or the dispatch information, including the
address 62, the time indication 66, and optionally the
transmission completion indication 64. Typically, the
storage unit 54 is relatively secure, such that the authentication-information
contained therein is assumed unchangeable.
For example it may be a Write-Once-Read-Many
(WORM) device such as an optical disk or a Programmable
Read-only Memory (PROM) device, it may be enclosed within
a securable device, or it may be provided with read-only
access privilege. Alternatively, the authentication-information
is stored in a secure manner, for example using a
compression, private or public key encryption or scrambling
technique, a password, or a combination thereof, such as
those employed by the widely used RSA encryption method,
and by the PKZIP(tm) program from PKWARE Inc., Glendale
Wisconsin, U.S.A., and where the "securing" procedure, key
or password are unknown to any interested party.

The controller 56 associates the information 60 and
the dispatch information, by storing them in storage unit
54 and by associating link information with the stored
authentication-information, for example in the form of a
unique dispatch identifier such as a sequential dispatch
number.

To provide the authentication-information for the
transmission, the dispatch identifier is provided to the
controller 56 through the user interface 48. The controller
56, in turn, retrieves the various stored authentication-information
elements from storage unit 54. If the
stored information is also secured (i.e., by compression,
password, etc.), the controller 56 "unsecures" them, and
then provides them to the output unit 58.

The output unit 58 provides the authentication-information
to an output device (not shown). The authenticator
70 may include an output device or may communicate with
some external unit. The output device can be, for example,
a printing unit, a display unit, a storage unit such as a
computer disk, the printing apparatus of the sending transceiver
42 and so forth.



The information 60 and the dispatch information, can
be associated with each other in any suitable manner. For
example, if the materials 40 provided for transmission are
paper documents, one embodiment of the authenticator 70
authenticates the original documents by printing the dispatch
information on them. In another embodiment, they can
be stored in storage unit 54 together (e.g., sequentially
or combined into a single file), or separately using a link
information element (e.g., using a dispatch identifier). If
the output is a printout, output unit 58 typically formats
the printout to indicate the dispatch information on at
least one, and preferably on all, of the pages containing
the printout. Alternatively, a link information element,
such as a dispatch identifier, can be printed on each printed
page of the information 60, and separately on a dispatch
page containing the dispatch information. Another
method includes printing both the information 60 and the
dispatch information together on contiguous paper, optionally
between starting and ending messages, and so forth.
An alternative special mathematical association method is
discussed hereinbelow.

Typically, the authenticator 70 is relatively secure,
such that the various devices and the authentication-information
elements enclosed therein can be assumed to be unchangeable.
For example, the authenticator 70 can be enclosed
within a password protected sealed electronic box
which, if opened without authorization, may disable the
normal operation of the authenticator 70, or may clearly
indicate that it has been tampered with.

As mentioned hereinabove, the authenticator 70 can 
form part of the sending transceiver 42. Fig. 3 illustra- 
tes such an embodiment, which is similar to that of Fig. 2 
and similar functional elements have similar reference 
numerals. 

In Fig. 3, the input unit 72 of the sending transceiver
42 comprises means, for example a serial, parallel or
disk interface, for inputting the information 60 and the
destination address 62 from any component of the sending
transceiver 42, for example from its input devices. The
sending transceiver 42 replaces the transceiver 76 of Fig.
2. The storage unit 54 however is optional, as the information
60 and the related dispatch information could be
provided to the output unit 58 "on-the-fly" in a manner
similar to that used by the "copy" function of document
facsimile machines.

Generally, in various embodiments of the authentica- 
tor 70, the information 60 can be obtained from any source 
and by any means, including a computer, a disk drive, a 
scanner or any other component of the sending transceiver 
42, a communication line, a communication network and any 
combinations thereof, and so forth. 

It is appreciated that in accordance with the present 
invention, the various information elements can be provi- 
ded, generated, associated or secured either by single, 
combined or separate means of the authenticator 70. 

Furthermore, any information element having information
content the substance of which is equivalent to that
of the transmitted information can serve for authentication
purposes, regardless of its form, representation, format or
resolution, whether it is a paper document or electronic
information, whether digital or analog, whether in form of
dots and lines or alphanumeric, binary, hexadecimal and
other characters, or whether it is encrypted, compressed or
represented otherwise, and so forth. The element may contain
additional information which does not change the substance
and its content, such as a logo, a header message,
etc. Furthermore, it may contain control, handshake and
even noise data. Alternatively, an information descriptor
such as a form number or name can be provided, and/or any
other information content such as the form's filled-in
data, which identifies the dispatched information.

Optionally, additional dispatch information may be
provided to, or generated by authenticator 70, such as the
number of pages transmitted, page numbers, the sender's
identification, the sending transceiver's 42 identification,
the receiving transceiver's 46 identification, the
transmission elapsed time, a transmission identifier, integrity
information such as a cyclic redundancy code (CRC),
a checksum or the length of the transmitted information, an
authenticator identification indication such as a serial
number, a verification from the communication network 44
that the transmission has actually taken place at the specified
time from the sender to the recipient's address, a
heading message, a trailing message and so forth.

Typically, when the authenticator 70 comprises a
reasonably secure storage unit 54, the stored information
is retained therein and copies thereof are provided to the
output unit 58. Preferably, the provided output or any
part thereof is reasonably secured, so as to prevent any
fraudulent action. For example, if the output is a printout,
it can be secured by spreading invisible or other ink
on it, or by using special ink, special print fonts or
special paper to print the authentication-information, or
in any other suitable manner. Another method includes
securing the dispatch information using, for example, an
encryption technique, and printing the encrypted information
on the printout. At a later stage the encrypted information
can be decrypted to provide the true dispatch
information, and so forth. Likewise, the mathematical association
method as discussed hereinbelow can also be used.

It will be appreciated that the following embodiments
fall within the scope of the present invention:

The authenticator of the present invention can operate
for information, such as a document produced by a word
processor, transmitted through a computer. In this embodiment,
the computer may include the secure time generator
(which may for example be externally plugged into the parallel
port). The authenticator obtains the dispatch information
from the transceiver, and the document is provided
from the hard disk or word processing program. The authenticator
encrypts the document and the dispatch information
together and stores them in a file. When authentication is
required, the authenticator retrieves the stored file,
decrypts it and provides the document and the dispatch
information associated therewith to a printer.

Similarly, information transmitted in a computer
network or electronic mail system can be authenticated, for
example, by having a file server or mail manager (whose
time generator is considered secure) store the transmitted
information together with its associated dispatch information
in a secure manner. One embodiment of secure storage
is that which has read-only privileges. Alternatively,
such read-only effect can also be obtained by having the
authentication-information encrypted with the authenticator's
private key: everybody can decrypt it using the authenticator's
public key, but no interested party can change
it without such action being detectable.

The present invention can be operated in conjunction
with a message transmission forwarding service such as that
provided by Graphnet Inc. of Teaneck, New Jersey, USA. The
service obtains the information and address from the sender,
typically by an electronic transmission, occasionally
converts it (for example from ASCII text or word processor
format into a transmissible document format) and forwards
it to the requested address. The forwarding service serves
as the authenticator and may for example provide the dispatch
information associated with the transmitted information
to the sender in a secure manner, such as in a sealed
envelope or in encrypted form.

An efficient method for associating a plurality of
information elements is by associating a digital representation
thereof using a method referred to herein as "mathematical
association". A digital representation of an
information element can be considered as a number, for
example as the element's standard binary, hexadecimal or
other base representation. Using mathematical association,
rather than maintaining the information elements (numbers)
themselves, it is sufficient to maintain the results (also
numbers) of one or more functions which are applied to one
or more of these information elements. (These results are
sometimes referred to as "message-digests", "hash-values"
or "digital-signatures"). More formally, if A is a set of
information elements, and F is the mathematical association
function, then the set B of information elements is obtained
as the result of applying the function F to the set A
of information elements, i.e. B=F(A).

Preferably, the function F is selected such that a
fraudulent attempt to change the elements of the set A, or
an attempt to claim that a set A' which comprises different
elements is the original set, can be readily detected by
comparing the result B' obtained by applying the function
F to the set A', to the original result B, i.e., by checking
if F(A')=F(A).

It would be advantageous to select the function according
to a cryptographic scheme. Encryption and digital
envelope functions can provide for secure data interchange.
Digital signatures can provide for accurate and reliable
verification of both the signature generator and the data.
One-way hash functions provide for security, and can reduce
the size of the generated signatures while still enabling
verification of the original data used to generate these
signatures. Utilizing combinations of cryptographic schemes
can optimize particular implementations.

Various function classes of various degrees of complexity
can be used for mathematical association purposes
in accordance with various embodiments of the present invention.
Furthermore, the function F and/or the result B
can be kept secret and unknown in general, and to interested
parties such as the sender or the recipient in particular.
However, even if the function F and/or the result
B are known, the task of finding a meaningful different set
A' such that B=F(A') is mostly very difficult even for
relatively simple functions, not to mention for more complex
ones.

A special class of functions most suitable for the
purposes of the present invention is the class of functions
having the property that given the result B = F(A), it is
exceptionally difficult to find a second set A' such that
applying the function F to the second set A' will yield the
same result B. The term "exceptionally difficult" refers
herein to the fact that although many different such sets
A' may exist, it is so difficult to find even one of them
(sometimes even to find the set A itself) that it is practically
infeasible. In fact, the functions of this class
"hide" the elements they are applied to, (and sometimes the
elements even cannot be reconstructed) and therefore this
class is referred to herein as "the Hiding Class".

There are many advantages to using mathematical association
in general, and functions of the Hiding Class in
particular:

(a) It is efficient, for example for saving storage
space and transmission bandwidth, to maintain a function
result, the size of which is normally very small as compared
to the original information elements themselves which
can be arbitrarily large.

(b) It provides security, since the result is
cryptic and there is no need to secure the information
elements themselves. Furthermore, it is difficult, and
sometimes infeasible to reconstruct the original elements.

(c) It provides a clear indication as to the authenticity
of the elements of the set A used by the
function to generate the result B. At any later time, the
result B' obtained by applying the function F to a purported
set A' can be compared to the original result B, and a
match indicates beyond any reasonable doubt that set A' is
the same as the original set A. Moreover, integrity information
such as the length of the information elements of the
set A can be added and used as part of the set A, or
the results of a plurality of functions can be maintained
so as to make the task of finding such a different set
A' infeasible.

(d) The result B' provided for comparison must be
equal to the original result B, since any change to A will
yield a different result B' with very high probability, and
even if by chance a different set A' is found for which
F(A')=B, the chance that it will be meaningful or will have
the same length is practically zero.

(e) The function can be selected such that it is
relatively easy and fast to compute the function result.

A few well-known and widely used functions of the Hiding
Class are encryption functions (e.g., the RSA [1.06]
or the DES [1.01] algorithms) and Cyclic-Redundancy-Check
[3] (C.R.C.) functions (e.g., the C.R.C-32 function).
While C.R.C functions are generally used in applications
requiring verification as to the integrity of an arbitrarily
long block of data, encryption is used to maintain the
original data elements, though in different, cryptic representation.
Encryption functions convert the information
elements into one or more cryptic data blocks using one
key, while enabling their reconstruction by providing a
matching (same or different) key. Other well-known members
of this class of functions in the prior art are compression
functions (e.g., the Lempel-Ziv 1977 [5] and 1978 algorithms),
one-way hash functions [1.03] (e.g., the MD4 [4],
and MD5 [1.04] algorithms), and MACs [1.13].

Since for authentication purposes there is no need to
maintain the original information elements, the use of
encryption functions (which normally maintain the information,
though in a cryptic representation) may be inefficient.
One-way hash functions (and other functions of the
Hiding Class), on the other hand, maintain a small sized
result value, but the information elements from which the
result has been produced are secured, i.e., cannot be reconstructed
therefrom. It would be more advantageous, for
example, to apply a one-way hash function to the union of
all the information elements, i.e., to a bit-string, where
the leftmost bit is the leftmost bit of the first element,
and the rightmost bit is the rightmost bit of the last
element. This produces a cryptic and secure result, as
described hereinabove. Furthermore, one-way hash functions
can be computed relatively quickly and easily.
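
The check F(A')=F(A) and the one-way hash over the union of the elements, as an added example that is not part of the patent text. It substitutes SHA-256 and HMAC-SHA-256 for the MD5 the text names, adds each element's length to the union (the integrity information mentioned in advantage (c)), and all function names, the key and the sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional


def naive_union(*elements: bytes) -> bytes:
    """U(x1,...,xk) as the text defines it: the elements joined end to end."""
    return b"".join(elements)


def union(*elements: bytes) -> bytes:
    """U(x1,...,xk) with each element preceded by its 8-byte length, so the
    lengths become part of the set A and element boundaries cannot shift."""
    return b"".join(struct.pack(">Q", len(e)) + e for e in elements)


def associate(a1: bytes, a2: bytes, a3: bytes,
              key: Optional[bytes] = None) -> str:
    """B = F(A) for A = {a1: contents, a2: time indication, a3: destination}.

    key=None: F is a public one-way hash. B must then stay with the
    authenticator, because anyone can recompute it for an altered set A'.
    key set:  F is a MAC whose key no interested party knows, so B can be
    handed to the sender and still be checked later by the authenticator.
    """
    data = union(a1, a2, a3)
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(b: str, a1: bytes, a2: bytes, a3: bytes,
           key: Optional[bytes] = None) -> bool:
    """Check whether a purported set A' reproduces the original result B."""
    return hmac.compare_digest(b, associate(a1, a2, a3, key))


def demo() -> dict:
    # Constructed sample dispatch (not taken from the patent).
    contents = b"Lease terminates on 31 December."
    time_ind = b"1996-08-29T14:05:00Z"
    dest = b"fax:+1-555-0100"
    key = b"constructed-authenticator-secret"

    b = associate(contents, time_ind, dest, key)

    # Two different element sets whose plain concatenation is identical.
    left = (b"Amount due: 1", b"00 USD")
    right = (b"Amount due: 100", b" USD")
    return {
        "genuine": verify(b, contents, time_ind, dest, key),
        "backdated": verify(b, contents, b"1996-08-28T14:05:00Z", dest, key),
        "redirected": verify(b, contents, time_ind, b"fax:+1-555-0199", key),
        "wrong_key": verify(b, contents, time_ind, dest, b"guess"),
        "naive_collides": naive_union(*left) == naive_union(*right),
        "prefixed_collides": union(*left) == union(*right),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:18} {value}")
```

Only the genuine set verifies. The two constructed element sets are indistinguishable under plain concatenation and distinct once the lengths are included.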

Generally and more formally, the result B is a set of
one or more information elements b1,...,bm, where each
element bi (which itself can comprise one or more information
elements) is the result of applying a (possibly different)
function Fi to a subset Si of a set A which comprises
one or more information elements a1,...,an, where the various
subsets Si are not necessarily disjoint or different,
each subset Si includes at least a portion of one or more
(or even all) of the electronic information elements of the
set A, and where each function Fi can comprise one or more
functions (i.e., Fi can be the composition of functions).
Preferably, the functions Fi are members of the Hiding
Class. The elements of such a subset Si are considered to
be mathematically associated.

Assuming that the set A comprises five information
elements a1,a2,a3,a4,a5, a few examples of mathematical
association function Fi and their result set B follow: (the
UNION function is denoted as U(x1,...,xk), which is an
information element comprising a bit-string, where the
leftmost bit is the leftmost bit of the element x1, and the
rightmost bit is the rightmost bit of the element xk.)

(a) single element result set B

b1=F1(S1)=F1(a1,a4,a5) = a1/(a4+a5+1)
b1=F1(S1)=F1(a1,a3,a4) = ENCRYPT(U(a1,a3,a4))
b1=F1(S1)=F1(a1,a2,a3,a4,a5) =
    MD5(U(a1,a2,a3,a4,a5)) * C.R.C(a3) mod 5933333
b1=F1(S1)=F1(a1,a2,a3,a4,a5) =
    C.R.C(ENCRYPT(U(a1,a2)), COMPRESS(U(a2,a3,a4)), a1, a5)
b1=F1(S1)=F1(a1,a2,a3,a4,a5) =
    U(a1,a2,a3,a4,a5) mod p (where p is a large Prime number)
b1=F1(S1)=F1(a1,a2,a3,a4,a5) =
    ENCRYPT(MD5(U(a1,a2,a3,a4,a5)))

(b) multi-element result set B

B = [C.R.C(U(a1,a3)), a2/(a1+1), ENCRYPT(a5)]
b1=F1(S1)=F1(a1,a3) = C.R.C(a1,a3)
b2=F2(S2)=F2(a1,a2) = a2/(a1+1)
b3=F3(S3)=F3(a5) = ENCRYPT(a5)

The elements of two or more (not necessarily disjoint)
subsets of set A can be associated with each other
by associating the elements of the result set B which
correspond to these subsets, either mathematically, or by
non-mathematical methods, as described hereinabove.
Furthermore, if there is a subset of elements of set A to
which no function has been applied, these elements may be
associated with the elements of the result set B, again
either mathematically or by non-mathematical methods.

Moreover, the elements of two or more subsets of the
set A can be associated with each other by associating the
elements of each of these subsets with a common subset
comprising one or more elements of the set A, where this
common subset uniquely relates to the specific dispatch.
This type of association is referred to herein as "indirect
association", and the elements of this common subset are
referred to herein as "link elements". A link element can
be for example a unique dispatch number, or the subset
comprising the time indication and a machine serial number,
etc.

For example, assuming that the element a2 of the
above set A uniquely relates to the dispatch, the following
function generates a multi-element result set B:

B = [b1,b2,b3] = [ENCRYPT(a1,a2), COMPRESS(a2,a3,a4), a2+a5]

where the subsets Si include the following elements:
S1=[a1,a2], S2=[a2,a3,a4] and S3=[a2,a5]. The elements of
each subset are mathematically associated. Since all of
these subsets include the common link-element a2, all their
elements (in this case all the elements of the set A) are
associated with each other.

Reference is now made to Fig. 4 which is a block
diagram that illustrates an authenticator 100, constructed
and operative in accordance with a preferred embodiment of
the present invention. The authenticator 100 comprises a
secure time generator 104, a storage device 106 and a
function executor 102 which has means for inputting the
following information elements: the transmitted
information, the destination address, a time indication
generated by the secure time generator 104, and a dispatch
completion indication. Optionally, additional information
elements can be provided as well.

The function executor 102 can be for example a Microchip
Technology Inc.'s PIC16C5X series EPROM-based
microcontroller, and the input means can be for example an
I/O port, a serial, parallel or disk interface. The function
executor 102 is capable of executing a function F on at
least one, and preferably on the union of all of the input
elements, and of generating a result information element
which is provided to a storage device 106, and optionally
to an output device 108, such as a printing device.

Preferably, the function F is a member of the Hiding
Class, and is kept unknown at least to any interested
party, by the function executor 102. This can be achieved for
example by enabling the code protection feature of the
PIC16C5X series microcontroller. Alternatively, a MAC
[1.13] such as a one-way hash function MAC can be used
where secret codes, keys and data relating to the function
can be for example stored in a shielded memory device which
is automatically erased if the authenticator 100 is
tampered with. Also, preferably the storage device 106 is a
WORM device, such as a PROM. Preferably, a different
function is used for each device employing the function F.
This can be achieved for example by using different keys or
codes with each function.

In accordance with one embodiment of the present
invention, the authenticator further comprises a
verification mechanism for verifying the authenticity of a
set of information elements purported to be identical to the
original set of information elements. It is however
appreciated that the verification mechanism can be separated
therefrom.

Reference is now made to Fig. 5 which is a block
diagram that illustrates a verification mechanism 120,
constructed and operative in accordance with a preferred
embodiment of the present invention, where at least part of
the information elements were mathematically associated by
the authenticator 100 of Fig. 4.

The verification mechanism 120 includes a function
executor 122 for generating a new result information
element according to the same function employed by the
function executor 102 of Fig. 4. The function executor 122
has means for inputting information elements corresponding
to the original information elements input to the function
executor 102 of Fig. 4, and which are purported to be
identical to those original elements.

The verification mechanism 120 also comprises a
comparator 124, which has input means for inputting the newly
generated result information element and the original
result information element which may be obtained from the
storage device 106 of Fig. 4, or manually, for example
through a keyboard. The comparator 124 then compares the
two provided result information elements to determine if
they are the same, and the comparison result can be output
for example to a display or printing unit. A match
indicates that the purported information elements are authentic.
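
A sketch of the Fig. 4 authenticator and the Fig. 5 verification mechanism applied to the link-element example above (S1=[a1,a2], S2=[a2,a3,a4], S3=[a2,a5]), added here as an illustration and not taken from the patent. It assumes HMAC-SHA256 as the keyed one-way hash MAC for every Fi, a length-prefixed encoding of U, and an in-memory dictionary standing in for the WORM storage device; the class name, key and sample elements are constructed.

```python
import hashlib
import hmac

# Subsets from the link-element example: S1=[a1,a2], S2=[a2,a3,a4], S3=[a2,a5].
# Indices are zero-based, so index 1 is a2, the link element in every subset.
SUBSETS = ((0, 1), (1, 2, 3), (1, 4))

# Constructed sample set A = (a1,...,a5).
SAMPLE_A = (
    b"Notice of termination, effective 1 March.",   # a1: dispatched contents
    b"1995-01-01T12:00:00Z|SN-0001",                # a2: time + machine serial
    b"fax:+1-555-0100",                             # a3: destination
    b"pages=1",                                     # a4: number of pages
    b"completed",                                   # a5: completion indication
)


def union(*elements: bytes) -> bytes:
    """U(x1,...,xk), with a length prefix so element boundaries are unambiguous."""
    return b"".join(len(e).to_bytes(4, "big") + e for e in elements)


class Authenticator:
    """Function executor 102 and storage device 106 of Fig. 4 (assumed design)."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key   # kept inside the device, unknown to the parties
        self._store = {}         # write-once records, indexed by the link element

    def _f(self, index: int, subset: tuple) -> bytes:
        # Fi = HMAC-SHA256; the subset index is bound in so bi cannot pose as bj.
        data = bytes([index]) + union(*subset)
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def result_set(self, a: tuple) -> list:
        """Compute B = [F1(S1), F2(S2), F3(S3)] for a set A."""
        return [self._f(i, tuple(a[j] for j in s)) for i, s in enumerate(SUBSETS)]

    def seal(self, a: tuple) -> list:
        """Store B for this dispatch; an existing record is never overwritten."""
        link = a[1]
        if link in self._store:
            raise ValueError("record for this link element already written")
        self._store[link] = self.result_set(a)
        return list(self._store[link])

    def verify(self, purported: tuple) -> list:
        """Fig. 5: recompute each bi' from the purported set and compare with bi."""
        stored = self._store.get(purported[1])
        if stored is None:
            return [False] * len(SUBSETS)
        fresh = self.result_set(purported)
        # compare_digest plays the comparator 124 without leaking timing.
        return [hmac.compare_digest(x, y) for x, y in zip(fresh, stored)]
```

The per-subset result shows which association failed: changing only the destination a3 breaks b2 and leaves b1 and b3 matching, while a set carrying a different link element a2 matches no stored record at all.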

Reference is now made to Fig. 6 which is a block
diagram that illustrates a verification mechanism 140,
constructed and operative in accordance with a preferred
embodiment of the present invention, where the information
elements were associated non-mathematically, and are for
example stored in storage unit 54 by the authenticator 70
of Fig. 2.

The verification mechanism 140 comprises a comparator
144, which has input means for inputting at least one of
the stored associated information elements from the storage
unit 54 of Fig. 2. The comparator 124 also has input means
for inputting the corresponding information elements
purported to be identical to the stored elements. The
comparator 124 then compares the corresponding information
elements to determine if they are the same, and the comparison
result can be output for example to a display or printing
unit. A match of all the compared elements indicates that
the purported information elements are authentic.

It is appreciated that various embodiments of the
present invention can include a combination of the
verification mechanisms described hereinabove.

Also, part of the securing methods which were
described for Fig. 2 include for example encryption and
compression - methods which formally relate to mathematical
association functions such as ENCRYPT(a1,...,aj) and
COMPRESS(ai,...,aj). Occasionally, there is a need for
reconstructing some or all of the secured mathematically
associated information elements, for example for providing
them to an output unit or to the comparator of the
verification mechanism. Since some compression and encryption
functions (as some other functions) are reversible, they are
typically used when reconstruction of the elements is needed.
(A function G is considered reversible if there exists a
function H such that H(G(x))=x, and the function H is
called the inverse function of G).

As discussed hereinabove, a mathematical association
function can generally comprise a single function, or the
composition of two or more functions. For example, the
function ENCRYPT(a1,...,aj) comprises a single function -
ENCRYPT, which is reversible, and its inverse function is
DECRYPT. Another function
COMPRESS(ENCRYPT(a1),C.R.C(a2,...,aj)) is the composition of
three functions - COMPRESS, ENCRYPT and C.R.C, where the
first two are reversible and their inverse functions are
DECOMPRESS (which yields the set comprising ENCRYPT(a1) and
C.R.C(a2,...,aj)), and DECRYPT (which yields the element
a1) respectively. The C.R.C function however, is not
reversible.

Formally, if a function Fi comprises one or more
functions, some of which are reversible, a set C comprising
one or more information elements c1,...,ck can be
generated, where this set C is expressive as a function I
applied to the result information element bi of the function
Fi, where this function I comprises the inverse function of
one or more of these reversible functions.

While the authentication methods described hereinabove
refer mostly to symmetric digital signatures, a
preferred authentication method may be obtained using
public-key digital signatures. A major advantage of public-key
digital signatures over symmetric digital signatures is
that they enable any third party (such as a judge), to
verify the authenticity of both the data and the signer
(where by using symmetric digital signatures, only a
designated authenticator such as a secure device or a trusted
third party, which have knowledge of the function, secret
keys/codes etc., can perform the verification). The data
is guaranteed not to be tampered with, and furthermore,
once the data is signed, the signer is actually "committed"
to it and cannot later repudiate his commitment to the
digitally signed data, for only the signer which has sole
knowledge of his private key could have created the
signature, thus allowing such data to be legally binding.

Typically, public-key digital signature generation
and data authentication is performed in the following
manner: a computation involving the signer's private key and
the data, which can comprise various elements such as the
dispatched message, the time indication, the destination
address, and so forth is performed; the output is the
digital signature, and may be attached to the data or
separated therefrom. In a later attempt to verify the data,
some computation involving the purported data, the
signature, and the signer's public key is performed. If the
results properly hold in a simple mathematical relation, the
data is verified as genuine; otherwise, it may be forged or
may have been altered or otherwise tampered with.

Since the signing process using the whole (plain)
data is generally time consuming and the signature consumes
a considerable amount of storage space, typically a
relatively unique representation (also called a "fingerprint"
or the "message digest") of the data is first generated using
a process in which the data is "condensed" or "hashed", for
example by means of a one-way hash function into a
relatively small value, thereby fixing its contents, and the
signing process is performed on the fingerprint, resulting in
an equivalent effective authentication. Therefore, the term
digital signature herein refers to the digital signature of
either the plain data element(s) or of any representation
(function) thereof.

As described hereinabove, the fingerprint of a series
of data elements can be generated thereby fixing their
contents and associating them with each other. Since
public-key digital signatures belong to the "Hiding Class",
and since they further have the property that they can be
generated with one key (such as the private key), and
provide for later non-repudiable verification using another
matching key (such as the public key), the usage of such
functions for the purposes of the present invention is
therefore of great advantage.

Reference is now made to Fig. 7 which is a block
diagram that illustrates an E-Mail system 700, and a
message dispatch and authentication service 750, constructed
and operative in accordance with a preferred embodiment of
the present invention. The sender 701 provides the E-Mail
message 702 and the recipient's 799 E-Mail address 704 to
the message dispatch and authentication service 750.
Without limiting the generality, although reference is made
to E-Mail dispatching services and systems in general, it is
appreciated that implementations relating to the
embodiments described herein can be easily extended, modified,
ported or derived therefrom to other electronic data
dispatch systems.

The dispatched message 702 may comprise any digital
data such as text, pictorial, graphic, audio and video
data, any number of files etc., in any form or
representation e.g., compressed, encrypted, plaintext etc.
Preferably, the message 702 includes the sender's 701 digital
signature, which the sender can generate by means of his
private key, in order to establish the sender's
"commitment" to the message 702, and to provide for
verification of the message and sender as the message
originator, by any third party using the sender's public key.

Digital signatures can be generated in system 700 for
example by means of a verifiable public-key algorithm such
as RSA or DSA. Fingerprints can be generated for example by
means of a one-way hash function such as MD4 or MD5.

The service 750 forwards the message 701 to the
recipient 799 using the address 704. The service 750,
preferably after assuring that the message has been
successfully delivered, adds (e.g., appends) a dispatch time
indication 720 to the message 702 and the address 704, as well
as information 708 indicating the success (or failure) of the
message delivery. Obviously, additional dispatch
information elements, such as a sequential dispatch number,
the sender, recipient and the service identification
information and so forth may be added as well.

The service 750 then associates the above data
elements for example by generating their fingerprint, which is
then signed using the service's private key 752, to produce
the service's signature 742. Signing the fingerprint can
reduce the resulting signature 742 computation time,
transmission bandwidth and storage space. The service then
provides back to the sender 701 a service's generated
certificate 740 comprising the service's signature 742 and
optionally various dispatch information elements from which
it has been generated (there is no need to provide the
message 702 and address 704 since they are already with the
sender 701), thus the certificate 740 is typically tiny.

Thus, for example, using RSA to generate the
signature, if M is the dispatched message 702, A is the
address 704, T is the time indication 720, I is the delivery
information 708, and Ka is the authentication service's RSA
private key, then the following is a sample calculation of
S - the signature 742:

S = RSA(MD5(U(T,I,M,A)), Ka)

The certificate 740, which comprises the service's
digital signature for the dispatch transaction, constitutes
a non-repudiable evidence witnessed by the service for the
dispatch and its contents, since the dispatched message
contents is securely associated with the dispatch
information (by means of the service's generated signature
and/or fingerprint), and since the signature, the message and
the dispatch information can at any later time be
authenticated and verified by any third party both for
integrity and originality by means of the service's public key
(and if the message has also been signed by the sender, it can
further be verified in the same manner using the sender's
public key).

Thus, for example, if PBKa is the service's public
key, then given the above signature S, the purported
message M', time indication T', address A' and delivery
information I' can be authenticated by verifying that the
following relation holds:

RSA(S, PBKa) = MD5(U(T',I',M',A'))
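
The signing and verification relations above, carried through as an added Python example that is not part of the patent. It assumes textbook RSA without padding over a constructed toy key built from two Mersenne primes, and SHA-256 in place of the page's MD5; it also goes one step beyond the text by comparing U as plain concatenation with a length-prefixed U, since plain concatenation of variable-length elements does not fix where one element ends and the next begins.

```python
import hashlib

# Constructed toy key for demonstration only: the special form of these primes
# and the absence of padding make it unsuitable for any real signature.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E = 65537                              # PBKa is the pair (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # Ka, the service's private exponent


def union_plain(*elements: bytes) -> bytes:
    """U as the text defines it: the elements' bit-strings laid end to end."""
    return b"".join(elements)


def union_framed(*elements: bytes) -> bytes:
    """U with a 4-byte length before each element, fixing the boundaries."""
    return b"".join(len(e).to_bytes(4, "big") + e for e in elements)


def fingerprint(union, t: bytes, i: bytes, m: bytes, a: bytes) -> int:
    """One-way hash of U(T,I,M,A) as an integer (SHA-256 stands in for MD5)."""
    return int.from_bytes(hashlib.sha256(union(t, i, m, a)).digest(), "big")


def sign(union, t: bytes, i: bytes, m: bytes, a: bytes) -> int:
    """S = RSA(H(U(T,I,M,A)), Ka), computed by the service."""
    return pow(fingerprint(union, t, i, m, a), D, N)


def verify(union, s: int, t: bytes, i: bytes, m: bytes, a: bytes) -> bool:
    """Check RSA(S, PBKa) = H(U(T',I',M',A')) with the public key only."""
    return pow(s, E, N) == fingerprint(union, t, i, m, a)


def demo() -> dict:
    # Constructed dispatch elements: time, delivery information, message, address.
    t, i = b"1995-01-01T12:00:00Z", b"delivered"
    m, a = b"Transfer 100", b"0customers@example.com"
    # Same overall byte string as m + a, with the boundary one byte later.
    m2, a2 = b"Transfer 1000", b"customers@example.com"

    s_plain = sign(union_plain, t, i, m, a)
    s_framed = sign(union_framed, t, i, m, a)
    return {
        "genuine": verify(union_framed, s_framed, t, i, m, a),
        "time_altered": verify(union_framed, s_framed,
                               b"1995-01-02T12:00:00Z", i, m, a),
        "plain_boundary_moved": verify(union_plain, s_plain, t, i, m2, a2),
        "framed_boundary_moved": verify(union_framed, s_framed, t, i, m2, a2),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

With plain concatenation the certificate also verifies for the second message and address pair, because both pairs produce the same bit-string; with the length-prefixed encoding only the original elements verify.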



To increase the credibility of the system, a record
of the certificate 740 can be kept with the service, and
furthermore, a copy of the certificate 740 can be provided
for storage to one or more trustees, such as a designated
authority, or law and/or public accounting firms.
Alternatively, the certificate 740 may itself be signed by one
or more trustees, using their private keys.

A related embodiment can utilize a Time Stamping
Service (TSS) such as the Digital Notary System (DNS)
provided by Surety Technologies Inc. [1.10], which has been
proposed by Haber et al. in their U.S. patent documents
[2]. The certificate 740 or any portion thereof (such as
the signature 742) can be sent to the DNS to be time
stamped. Alternatively, an embodiment of the present
invention could internally implement the DNS scheme. The DNS
generates a certificate authenticating the certificate 740.
Utilizing such time stamping schemes is of great advantage,
since the DNS generated certificates are virtually
unforgeable, and there is no need to deposit copies of the
certificates with trustees. Since in this case the DNS time
stamps the certificate 740 anyway, the service 750 itself
optionally need not add the time indication 720.

Thus, for example, if C is the certificate 740 (not
including the time indication 720), which comprises A, I,
N and S (as defined above), and T is the time indication
added by the DNS, then DNSC - the DNS generated certificate
may be calculated as follows:

DNSC = DNS(C, T)

As mentioned above, the message 702 is preferably
digitally signed with the sender's 701 private key, to
enable authentication of the sender's identity as the
message originator using the sender's public key, to establish
the sender's non-repudiable commitment to the message, and
to verify the message integrity.

Nevertheless, any other method can be used for
identification and/or authentication of the sender, though
such methods can sometimes be more vulnerable or less
effective. One embodiment for example could utilize a
hardware component (preferably secured) with the sender's
unique identification information "burned-into". In another
embodiment the service 750 can utilize various log-in
procedures to identify and authenticate the sender when he
logs in to obtain service. Sample authentication protocols and
schemes are described in [1.09] and [1.11].

Likewise, the identity of the recipient 799 of the
message can be authenticated in similar manners. This is
useful for example when both the sender and the recipient
log into the same dispatch service for E-Mail transactions.
However, the message 702 is frequently delivered to another
E-Mail server (acting as the recipient's agent, where the
recipient later logs in, identifies himself and downloads
his messages) rather than to the recipient himself.

In such embodiments, it might be sufficient to obtain
proof of delivery from the receiving server, for example in
form of a server's digitally signed certificate, which may
for example comprise the server's identification
information, a dispatch identifier, the recipient's address
and preferably the message and so forth (or a fingerprint
thereof) - while assuming that the message will eventually
reach the recipient. Alternatively, a later proof of the
final delivery may be obtained from that receiving server.
Such delivery details as described above may be included in
the delivery information 708.

In order to avoid potential disputes, as for example
in case of contractual E-Mail correspondence, it may be
useful to back up such correspondence by an agreement where
the parties agree that delivery indication provided by the
recipient's agent is to be considered an acceptable proof
of delivery to the recipient. Alternatively, it may be
agreed that multiple (two, three or more times of)
certified dispatches of the message are to be considered an
acceptable proof of delivery and so forth.

In one preferred embodiment, the recipient (or its
agent) may provide a counter-signature (using his private
key) for the message, the sender's digital signature of the
message, or the service's certificate or for any portions
thereof. This may provide an ultimate evidence for the
message dispatch, its contents, its time and its delivery
to its destination. Thus if Ks, Kr, Ka are the private
keys of the sender, the recipient (or his agent) and the
authentication service 750 respectively, M is the
dispatched message 702, T is the time indication 720, N is a
sequential dispatch number, IDs and IDr are the
identification information of the sender and recipient
respectively, and A is the recipient's address 704, then the
following sample calculations of S - the signature 742 can be
performed:

S = RSA(Ka,MD5(U(N,A,T,M,IDs,IDr)))
S = RSA(Ka,MD5(U(T,M,M',R)))
S = RSA(Ka,MD5(U(N,T,A,M,M',R")))
S = RSA(Ka,MD5(U(T,M',R)))
S = DNS(T,MD5(U(M',R)))

where

M' = RSA(Ks,MD5(M))
R  = RSA(Kr,MD5(U(M,N)))
R' = RSA(Kr,M')
R" = RSA(Kr,N)

Such incorporation of identification information
relating to the sender 701, the recipient 799 or both
(either by means of their digital signature, or otherwise) in
the certificate generated by the service 750, can provide
for more complete authentication of the entire dispatch
transaction, and can be used as evidence for the dispatch
and its contents by both the sender and the recipient.



BIBLIOGRAPHY AND REFERENCES

[1] "Applied Cryptography (2nd Edition)", (Schneier
Bruce, John Wiley & Sons, 1996).
[1.01] see [1] Chapter 12, pp. 265-301.
[1.02] see [1] Chapter 13 Section 13.9, pp. 319-325.
[1.03] see [1] Chapter 18 Section 18.1, pp. 429-431.
[1.04] see [1] Chapter 18 Section 18.5, pp. 436-441,
see also "One-Way Hash Functions," (B. Schneier,
Dr. Dobb's Journal M&T Publishing Inc., September
1991 Vol 16 No. 9 pp. 148-151), see also Internet
Request For Comments (RFC) document 1321.
[1.05] see [1] Chapter 19 Section 19.1, pp. 461-462.
[1.06] see [1] Chapter 19 Section 19.3, pp. 466-474, see
also "A Method for Obtaining Digital Signatures
and Public-Key Cryptosystems" (Rivest, R.L., A.
Shamir, and L. Adelman, Communications of the
ACM, ACM Inc., February 1978 Vol 21 No. 2, pp.
120-126).
[1.07] see [1] Chapter 20 Section 20.1, pp. 483-494, see
also "The Digital Signature Standard proposed by
the National Institute of Standards and Technology"
(Communications of the ACM, ACM Inc., July
1992 Vol 35 No. 7 pp. 36-40).
[1.08] see [1] Chapter 24 Section 24.12, pp. 584-587.
[1.09] see [1] Chapter 3 Section 3.2, pp. 52-56.
[1.10] see [1] Chapter 4 Section 4.1, pp. 75-79.
[1.11] see [1] Chapter 21, pp. 503-512.
[1.12] see [1] Chapter 2, Sections 2.6-2.7, pp. 34-44,
see also [1] Chapter 20, pp. 483-502.
[1.13] see [1] Chapter 18, Section 18.4, pp. 455-459.

[2] U.S. Patent Documents #5,136,646; #5,136,647, and
#5,373,561.

[3] "Cyclic Redundancy Checksums (Tutorial)" (Louis,
B. Gregory, C Users Journal, R&D Publications
Inc., Oct 1992 v10 n10 p55 (6)), see also "File
verification using C.R.C." (Nelson, Mark R., Dr.
Dobb's Journal, M&T Publishing Inc., May 1992 Vol
17 No. 5 p64 (6)).

[4] "The MD4 Message Digest Algorithm" (R. L. Rivest,
Crypto '90 Abstracts, Aug. 1990, pp. 301-311,
Springer-Verlag).

[5] "A Universal Algorithm for Sequential Data
Compression" (Ziv. J., Lempel A., IEEE Transactions
On Information Theory, Vol 23, No. 3, pp.
337-343).



The references and publications described by the
above-mentioned articles are incorporated herein by
reference.



While the present invention has been described with
reference to a few specific embodiments, the description is
illustrative of the invention and is not to be construed as
limiting the invention. It is appreciated that various
combinations, modifications and implementations relating to
or derived from the embodiments described herein may occur
to those skilled in the art without departing from the
scope and spirit of the invention as defined by the
appended claims.

WHAT IS CLAIMED IS:

1. Apparatus for authenticating that certain
information has been sent by a sender via a dispatcher to a
recipient, the apparatus comprising:

means for providing a set A comprising a plurality
of information elements a1,...,an, said information element
a1 comprising the contents of said dispatched information,
and said one or more information elements a2,...,an
comprising dispatch-related information and comprise at least
the following elements:

a2 - a time indication associated with said
dispatch; and

a3 - information describing the destination of
said dispatch,

and wherein at least one of said information elements is
provided in a manner that is resistant or indicative of
tamper attempts by said sender;

means for associating said dispatch-related
information with said element a1 by generating
authentication-information, in particular comprising a
representation of at least said elements a1, a2 and a3, said
representation comprising a set of one or more elements, each
comprising a representation of one or more elements of said
set A; and

means for securing at least part of said
authentication-information against undetected tamper attempts
of at least said sender.

2. Apparatus according to claim 1, wherein said
element a2 comprise at least one element of the group
comprising the date associated with said dispatch, and the
time associated with said dispatch.

3. Apparatus according to any of claims 1 or 2,
wherein said dispatch-related information comprise at least
one element of the group comprising the following elements:
a completion indication associated with said dispatch, the
number of pages dispatched, page number, an indication of
identification associated with said sender, said dispatch
duration, integrity information, an indication of dispatch
identification associated with said dispatch, an indication
of identification associated with said apparatus, a heading
message, and a trailing message.

4. Apparatus according to any of claims 1 to 3,
wherein said dispatched information has a form selected
from the group comprising the following forms: a paper
document and electronic information.

5. Apparatus according to any of claims 1 to 4,
wherein the elements of said authentication-information and
of said set A have a form selected from the group
comprising the following forms: a paper document and
electronic information, and where each of said elements can
have different form.

6. Apparatus according to any of claims 1 to 5,
wherein the information originally provided by said sender
for dispatch has a form selected from a group comprising
the following forms: a paper document and electronic
information.

7. Apparatus according to any of claims 1 to 6,
wherein said element a1 is provided by means comprising at
least one of the following means: a communication network,
a scanning device, a copier, a dispatcher, and a computer.

8. Apparatus according to any of claims 1 to 7,
wherein said dispatcher comprise at least one element of
the following group: a facsimile machine, a modem, a
network interface card (NIC), a computer, a communication
line, a communication network, an E-Mail system, an EDI
system, and a dispatching service.

9. Apparatus according to claim 8, wherein said
dispatching service comprise at least one element of the
following group: a courier service, the registered mail
service of the post office, and a message transmission
forwarding service.

10. Apparatus according to any of claims 1 to 9,
comprising means for providing said dispatched information
to said dispatcher.

11. Apparatus according to any of claims 1 to 10,
and comprising at least part of said dispatcher.

12. Apparatus according to any of claims 1
to 11, comprising means for preparing at least one element
of the group comprising the elements of said set A, and
said dispatched information.

13. Apparatus according to any of claims 1 to 12,
wherein said element a3 comprise at least one element of
the group comprising an address associated with said
dispatch, an address associated with said recipient, and an
indication of identification associated with said
recipient.

14. Apparatus according to any of claims 1 to 13,
wherein at least part of said apparatus is resistant or
indicative of tamper attempts by at least said sender.

15. Apparatus according to any of claims 1 to 14,
comprising means for providing at least part of said
authentication-information to an interested party.

16. Apparatus according to claim 15, wherein said
interested party comprise at least one element of the
following group: said sender, said recipient, an arbitrator,
and a legal authority.

17. Apparatus according to any of claims 1 to 16,
comprising means for storing at least part of said
authentication-information.

18. Apparatus according to any of claims 1 to 17,
comprising means for generating a new set B, said set B
comprising one or more information elements b1,...,bm, each
element bi comprising a representation of a subset Si, said
representation being expressive as a function Fi of the
elements of said subset Si, where said subset Si comprise
a digital representation of at least one element of said
set A, and where said functions Fi can be different.

19. Apparatus according to claim 18, wherein at
least one element of said authentication-information
comprise a representation of at least part of said new set

20. Apparatus according to any of claims 1 to 19,
wherein said set A comprise a link information element, and
wherein said authentication-information comprise at least
one element which comprise a representation of at least
said link element.

21. Apparatus according to any of claims 18 to 20,
wherein said function Fi has the property that it is
substantially difficult to find a set S' comprising at least
one information element, said set S' being different from
said subset Si and yet can be used instead, such that
applying said function Fi to said set S' will yield said
element bi, i.e., such that Fi(S')=bi.

22. Apparatus according to any of claims 18 to 21,
wherein said function Fi comprise one or more functions.

23. Apparatus according to any of claims 18 to 22,
wherein at least one member of the group comprising the
following members: said function Fi, and at least one
information element of said new set B, is unknown at least to
said sender.



10 24. Apparatus according to any of claims 1 to 23, 

comprising means for verifying the authenticity of an in- 
formation element purported to match a corresponding ele- 
ment of said set A, said verification means comprising: 

means for comparing a representation of said 

15 purported information element with a representation of at 

least part of said authentication-information which com- 
prise a representation of at least said corresponding ele- 
ment of said set A to determine if they match. 

25. Apparatus according to any of claims 18 to 24,
comprising means for verifying the authenticity of a set
Si' comprising one or more information elements which are
purported to match the corresponding elements of said
subset Si, said verification means comprising:

means for generating a new information element
bi' comprising a representation of said set Si' which is
expressive as said function Fi of the elements of said set
Si'; and

means for comparing a representation of said
element bi' with a representation of said element bi to
determine if they match.

26. Apparatus according to any of claims 18 to 25,
wherein said function Fi comprise at least one reversible
function, comprising means for generating a set C which
comprise one or more information elements c1,...,ck, where
said set C is expressive as a function I of at least part
of said information element bi, and said function I
comprising the inverse function of at least one of said
reversible functions.

27. A method for authenticating that certain information
has been sent by a sender via a dispatcher to a
recipient, comprising the steps of:

providing a set A comprising a plurality of information
elements a1,...,an, said information element a1
comprising the contents of said dispatched information, and
said one or more information elements a2,...,an comprising
dispatch-related information and comprise at least the
following elements:

a2 - a time indication associated with said
dispatch; and

a3 - information describing the destination of
said dispatch,

and wherein at least one of said information elements is 
provided in a manner that is resistant or indicative of 
tamper attempts by said sender; 

associating said dispatch-related information with
said element a1 by generating authentication-information,
in particular comprising a representation of at least said
elements a1, a2 and a3, said representation comprising a
set of one or more elements, each comprising a
representation of one or more elements of said set A; and

securing at least part of said authentication-infor- 
mation against undetected tamper attempts of at least said 
sender. 

28. A method according to claim 27, wherein at 
least part of the activities described by said steps is 
performed by an authenticator, said authenticator comprising
at least one element of the following group: a party
other than said sender, said dispatcher, a device, and any
combination thereof.

29. A method according to any of claims 27 or 28,
wherein said dispatch-related information comprise at least 
one element of the group comprising the following elements: 
a completion indication associated with said dispatch, the 
number of pages dispatched, page number, an indication of 
identification associated with said sender, said dispatch 
duration, integrity information, an indication of dispatch 
identification associated with said dispatch, an indication 
of identification associated with said authenticator, a 
heading message, and a trailing message.

30. A method according to any of claims 27 to 29, 
wherein said dispatched information has a form selected
from the group comprising the following forms: a paper
document and electronic information.

31. A method according to any of claims 27 to 30, 
wherein the elements of said authentication-information and 
of said set A have a form selected from the group compri- 
sing the following forms: a paper document and electronic 
information, and where each of said elements can have
different form.

32. A method according to any of claims 27 to 31, 
wherein the information originally provided by said sender
for dispatch has a form selected from a group comprising
the following forms: a paper document and electronic
information.

33. A method according to any of claims 27 to 32, 
wherein said element al is provided by means comprising at 
least one of the following means: a communication network, 
a scanning device, a copier, a dispatcher, and a computer. 

34. A method according to any of claims 27 to 33, 
wherein said dispatcher comprise at least one element of
the following group: a facsimile machine, a modem, a
network interface card (NIC), a computer, a communication
line, a communication network, an E-Mail system, an EDI
system, and a dispatching service.

35. A method according to claim 34, wherein said
dispatching service comprise at least one element of the
following group: a courier service, the registered mail
service of the post office, and a message transmission
forwarding service.

36. A method according to any of claims 27 to 35,
comprising the step of providing said dispatched
information to said dispatcher.

37. A method according to any of claims 27 to 36,
wherein said element a2 comprise at least one element of
the group comprising the date associated with said
dispatch, and the time associated with said dispatch.

38. A method according to any of claims 27 to 37,
comprising the step of preparing at least one element of
the group comprising the elements of said set A, and said
dispatched information.

39. A method according to any of claims 27 to 38,
wherein said element a3 comprise at least one element of
the group comprising an address associated with said
dispatch, an address associated with said recipient, and an
indication of identification associated with said
recipient.

40. A method according to any of claims 27 to 39,
comprising the step of dispatching said information to said
recipient.

41. A method according to any of claims 27 to 40, 
comprising the step of providing a representation of at
least part of said authentication-information to an
interested party.

42. A method according to claim 41, wherein said 
interested party comprise at least one element of the fol- 
lowing group: said sender, said recipient, an arbitrator, 
and a legal authority.

43. A method according to any of claims 27 to 42, 
comprising the step of storing at least part of said au- 
thentication-information in a storage device. 

44. A method according to any of claims 28 or 43, 
wherein at least part of said device is resistant or indi- 
cative of tamper attempts by at least said sender. 

45. A method according to any of claims 27 to 44, 
comprising the step of generating a new set B, said set B 
comprising one or more information elements b1,...,bm, each
element bi comprising a representation of a subset Si, said 
representation being expressive as a function Fi of the 
elements of said subset Si, where said subset Si comprise 
a digital representation of at least one element of said 
set A, and where said functions Fi can be different. 

46. A method according to claim 45, wherein at 
least one element of said authentication-information com- 
prise a representation of at least part of said new set B. 

47. A method according to any of claims 27 to 46, 
wherein said set A comprise a link information element, and 
wherein said authentication-information comprise at least 
one element which comprise a representation of at least 
said link element. 

48. A method according to any of claims 45 to 47, 
wherein said function Fi has the property that it is
substantially difficult to find a set S' comprising at least
one information element, said set S' being different from
said subset Si and yet can be used instead, such that
applying said function Fi to said set S' will yield said
element bi, i.e., such that Fi(S')=bi.

49. A method according to any of claims 45 to 48, 
wherein said function Fi comprise one or more functions. 

50. A method according to any of claims 45 to 49,
wherein at least one member of the group comprising the
following members: said function Fi, and at least one
information element of said new set B, is unknown at least to
said sender.

51. A method according to any of claims 27 to 50,
comprising the step of verifying the authenticity of an
information element purported to match a corresponding
element of said set A, said verification step comprising
the step of:

comparing a representation of said purported
information element with a representation of at least part
of said authentication-information which comprise a
representation of at least said corresponding element of said
set A to determine if they match.

52. A method according to any of claims 45 to 51,
comprising the step of verifying the authenticity of a set
Si' comprising one or more information elements which are
purported to match the corresponding elements of said
subset Si, said verification step comprising the steps of:

generating a new information element bi'
comprising a representation of said set Si' which is
expressive as said function Fi of the elements of said set Si'; and

comparing a representation of said element bi'
with a representation of said element bi to determine if
they match.

53. A method according to any of claims 45 to 52,
wherein said function Fi comprise at least one reversible
function, comprising the step of generating a set C which
comprise one or more information elements c1,...,ck, where
said set C is expressive as a function I of at least part
of said information element bi, and said function I
comprising the inverse function of at least one of said
reversible functions.

54. Apparatus according to any of claims 18 to 26,
wherein said new set B comprises a verifiable digital
signature of said subset Si.

55. Apparatus according to claim 54, comprising a
corresponding verification means for said verifiable
digital signature, for authenticating at least one of the
following: at least one element of said subset Si, and the
originator of said digital signature.

56. Apparatus according to any of claims 54 or 55,
wherein said digital signature is generated according to a
scheme selected from the group comprising: secret-key
(symmetric) cryptosystem, and public-key cryptosystem.

57. Apparatus according to any of claims 1 to 26,
or 54 to 56, comprising means for time-stamping at least
one element of the group comprising the elements of said
authentication-information and the elements of said set A,
according to a Time Stamping Service scheme.

58. Apparatus according to any of claims 1 to 26,
or 54 to 57, comprising means for authenticating the
identity of at least one member of the group comprising: said
sender, said recipient, an agent of said sender, and an
agent of said recipient.

59. A method according to any of claims 45 to 53,
wherein said new set B comprises a verifiable digital
signature of said subset Si.

60. A method according to claim 59, comprising a
corresponding verification step for said verifiable digital
signature, for authenticating at least one of the
following: at least one element of said subset Si, and the
originator of said digital signature.

61. A method according to any of claims 59 or 60,
wherein said digital signature is generated according to a
scheme selected from the group comprising: secret-key
(symmetric) cryptosystem, and public-key cryptosystem.

62. A method according to any of claims 27 to 53,
or 59 to 61, comprising the step of time-stamping at least
one element of the group comprising the elements of said
authentication-information and the elements of said set A,
according to a Time Stamping Service scheme.

63. A method according to any of claims 27 to 53,
or 59 to 62, comprising the step of authenticating the
identity of at least one member of the group comprising:
said sender, said recipient, an agent of said sender, and
an agent of said recipient.
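
The generation and verification steps of claims 45, 48, 52 and 59 to 61 can be illustrated as follows. This is an added example, not part of the application: SHA-256 as the hard-to-invert function Fi, HMAC-SHA-256 as the secret-key signature, the length-prefixed encoding of the subset Si, and all sample values are assumptions. It also shows why the encoding of Si matters for the property required in claim 48.

```python
import hashlib
import hmac
import struct


def encode_subset(elements):
    """Unambiguous encoding of subset Si: element count, then each
    element preceded by its length (assumed encoding)."""
    out = struct.pack(">I", len(elements))
    for e in elements:
        out += struct.pack(">Q", len(e)) + e
    return out


def F_hash(elements):
    """Fi as a function for which finding S' != Si with Fi(S') = bi is hard."""
    return hashlib.sha256(encode_subset(elements)).digest()


def F_sign(key, elements):
    """Fi as a secret-key signature; the key is unknown to the sender."""
    return hmac.new(key, encode_subset(elements), hashlib.sha256).digest()


def authenticate_dispatch(key, a1, a2, a3):
    """Authenticator side: generate set B = (b1, b2) over Si = {a1, a2, a3}."""
    s = [a1, a2, a3]
    return {"b1": F_hash(s), "b2": F_sign(key, s)}


def verify(key, record, a1, a2, a3):
    """Recompute bi' from the purported set Si' and compare it with bi."""
    s = [a1, a2, a3]
    ok_hash = hmac.compare_digest(F_hash(s), record["b1"])
    ok_sig = hmac.compare_digest(F_sign(key, s), record["b2"])
    return ok_hash and ok_sig


def naive_concat_hash(elements):
    """Weak variant: plain concatenation lets element boundaries shift,
    so two different sets produce the same bi."""
    return hashlib.sha256(b"".join(elements)).digest()


# Constructed sample values (not taken from the application)
KEY = b"authenticator-secret-constructed"
A1 = b"Notice of termination, page 1 of 1"   # a1: contents
A2 = b"1996-08-27T10:15:00Z"                 # a2: time indication
A3 = b"fax:+972-3-5550100"                   # a3: destination
RECORD = authenticate_dispatch(KEY, A1, A2, A3)

if __name__ == "__main__":
    print("genuine set verifies:", verify(KEY, RECORD, A1, A2, A3))
    print("altered time verifies:",
          verify(KEY, RECORD, A1, b"1996-08-28T10:15:00Z", A3))
```
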
I hereby claim foreign priority benefits under Title 35, United States Code, § 119 of any
foreign application(s) for patent or inventor's certificate or of any PCT international application(s)
designating at least one country other than the United States of America listed below and have also
identified below any foreign application(s) for patent or inventor's certificate or any PCT
international application(s) designating at least one country other than the United States of America
filed by me on the same subject matter having a filing date before that of the application(s) of
which priority is claimed.



COUNTRY | APPLICATION | DATE OF FILING (day, month, year) | PRIORITY CLAIMED UNDER 35 USC 119
European Patent Office | 95113489.9 | 28 August 1995 | [X] YES  [ ] NO
Israel | 117234 | 22 February 1996 | [X] YES  [ ] NO
 | | | [ ] YES  [ ] NO



I hereby claim the benefit pursuant to Title 35, United States Code, § 119(e) of the following 
United States provisional application(s): 



PRIOR U.S. PROVISIONAL APPLICATIONS CLAIMING THE BENEFIT UNDER 35 USC 119(e)

APPLICATION NO. | DATE OF FILING
 |

I hereby claim the benefit under Title 35, United States Code, § 120 of any United States 
application(s) or PCT international application(s) designating the United States of America that 
is/are listed below and, insofar as the subject matter of each of the claims of this application is not 
disclosed in that/those prior application(s) in the manner provided by the first paragraph of Title 
35, United States Code, § 112, I acknowledge the duty to disclose material information as defined
in Title 37, Code of Federal Regulations, § 1.56 which occurred between the filing date of the prior 
application(s) and the national or PCT international filing date of this application. 



PRIOR U.S. APPLICATIONS OR PCT INTERNATIONAL APPLICATIONS
DESIGNATING THE U.S. FOR BENEFIT UNDER 35 USC 120

U.S. APPLICATIONS

U.S. APPLICATIONS | U.S. FILING DATE | STATUS (check one): PATENTED | PENDING | ABANDONED
1. | | | |
2. | | | |
3. | | | |

PCT APPLICATIONS DESIGNATING THE U.S.

PCT APPLICATION NO. | PCT FILING DATE | U.S. SERIAL NOS. ASSIGNED (if any) | STATUS (check one): PATENTED | PENDING | ABANDONED
4. PCT/IB96/00859 | 27 August 1996 | | | X |
5. | | | | |
6. | | | | |

DETAILS OF FOREIGN APPLICATIONS FROM WHICH PRIORITY CLAIMED
UNDER 35 USC 119 FOR ABOVE LISTED U.S./PCT APPLICATIONS

ABOVE APPLN. NO. | COUNTRY | APPLICATION NO. | DATE OF FILING (day, month, yr) | DATE OF ISSUE (day, month, yr)
1. | | | |
2. | | | |
3. | | | |
4. PCT/IB96/00859 | 1) European Pat. Off.; 2) Israel | 1) 95113489.9; 2) 117234 | 1) 28 August 1995; 2) 22 February 1996 |
5. | | | |
6. | | | |

As a named inventor, I hereby appoint the following attorneys to prosecute this application and 
transact all business in the Patent and Trademark Office connected therewith. 



Berton Scott Sheppard, Reg. 20922
James B. Muskal, Reg. 22797
Dennis R. Schlemmer, Reg. 24703
Gordon R. Coons, Reg. 20821
John E. Rosenquist, Reg. 26356
John W. Kozak, Reg. 25117
Charles S. Oslakovic, Reg. 27583
Mark E. Phelps, Reg. 28461
H. Michael Hartmann, Reg. 28423
Bruce M. Gagala, Reg. 28844
Charles H. Mottier, Reg. 30874
John Kilyk, Jr., Reg. 30763
Robert F. Green, Reg. 27555
Theodore W. Anderson, Reg. 17035
NoelL Smith, Reg. 18698
John B. Conklin, Reg. 30369
James D. Zalewa, Reg. 27848
John M. Belz, Reg. 30359
Brett A. Hesterberg, Reg. 31837
Jeffrey A. Wyand, Reg. 29458
Richard M. Johnson, Reg. 33405
Paul J. Komiczky, Reg. 32849
Pamela J. Ruschau, Reg. 34242
Steven P. Petersen, 32927
John M. Augustyn, Reg. 33589
Christopher T. Griffith, Reg. 33392
Wesley O. Mueller, Reg. 33976
Jeremy M. Jay, Reg. 33587
Jeffrey B. Burgan, Reg. 35463
Eley O. Thompson, Reg. 36035
Mark Joy, Reg. 35562
Allen E. Hoover, Reg. 37354
David M. Airan, Reg. 38811
Xavier Pillai, Reg. 39799
G. Russell Thill, Reg. 39854
David M. Thimmig, Reg. 36034
Carol Larcher, Reg. 35243
Thomas A. Miller, Reg. 40091
Thomas A. Belush, Reg. 37090
David J. Schodin, Reg. 41294



I further direct that correspondence concerning this application be directed to LEYDIG, VOIT &
MAYER, LTD., Two Prudential Plaza, Suite 4900, 180 North Stetson, Chicago, Illinois 60601-6780,
Telephone (312) 616-5600.

I hereby declare that all statements made herein of my own knowledge are true, that all statements
made on information and belief are believed to be true, that these statements were made with the
knowledge that willful false statements and the like so made are punishable by fine or
imprisonment, or both, under Section 1001 of Title 18 of the United States Code, and that such
willful false statements may jeopardize the validity of the application or any patent issued thereon.



Full name of first joint inventor: Feldbau, Ofra
Inventor's signature
Date
Country of Citizenship: Israel
Residence: Ramat Gan, Israel
Post Office Address: 12, Avtalyon Street, Ramat Gan 52424, Israel

Full name of second joint inventor: Feldbau, Michael
Inventor's signature
Date
Country of Citizenship: Israel
Residence: Ramat Gan, Israel
Post Office Address: 12, Avtalyon Street, Ramat Gan 52424, Israel